Enforce an authentication policy for every access per session

We can enforce an authentication policy once per session or every time a user accesses a protected resource. In this scenario, the authentication service relies on the authenticationTypes credential attribute to determine which authentication policies the user successfully completed during the authentication session.

Use this task to enforce a particular authentication policy every time the user accesses a protected resource during a session.

Steps

  1. Log in to the local management interface.

  2. Click AAC.

  3. Under Policy, click Access Control.

  4. In the center panel, click Add policy.

  5. Enter a name for the policy.

  6. In the Rules section, set the Precedence property to First. As a result, the policy returns a decision for the first rule in the policy that evaluates to true.

  7. Click Add Rule.
  8. Click authenticationTypes from the attribute list.

  9. Select has member as the operator.
  10. Enter the unique identifier for the policy. For example, to enforce only the user name and password policy, add the value: urn:ibm:security:authentication:asf:password.

  11. In the Decision list, select Permit.

  12. Click OK to complete the rule.

  13. Click the arrow next to Add Rule.

  14. Click Unconditional rule.

  15. In the Decision list, select Permit with authentication.
  16. In the Authentication list, select Username Password. This selection results in a request for a user name and password from the user.
  17. Click OK.
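
The following Python model is an added example, not IBM code and not part of the original page. It mimics how a policy with Precedence set to First evaluates the two rules created in the steps above, and shows why the unconditional rule has to come last. The credential dictionaries, the `Rule` and `evaluate` names, the `urn:example:...` value, and the fallback decision are assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Callable, Optional

# Policy identifier taken from step 10 of the procedure.
PASSWORD_POLICY = "urn:ibm:security:authentication:asf:password"


@dataclass(frozen=True)
class Rule:
    condition: Optional[Callable[[dict], bool]]  # None models an unconditional rule
    decision: str
    authentication: Optional[str] = None


def has_member(attribute: str, value: str) -> Callable[[dict], bool]:
    """Model of the 'has member' operator on a multi-valued credential attribute."""
    def check(credential: dict) -> bool:
        return value in credential.get(attribute, [])
    return check


# Rules in the order they are created in steps 7 to 17.
POLICY = [
    Rule(has_member("authenticationTypes", PASSWORD_POLICY), "Permit"),
    Rule(None, "Permit with authentication", "Username Password"),
]


def evaluate(policy, credential):
    """Precedence 'First': return the decision of the first rule that is true."""
    for rule in policy:
        if rule.condition is None or rule.condition(credential):
            return rule.decision, rule.authentication
    # Assumption: fallback used by this model only; it is never reached
    # when the policy ends with an unconditional rule.
    return "Deny", None


if __name__ == "__main__":
    # Constructed sample credentials, not captured from a real session.
    samples = {
        "no policy completed": {},
        "password completed": {"authenticationTypes": [PASSWORD_POLICY]},
        "other policy only": {"authenticationTypes": ["urn:example:other-policy"]},
    }
    for label, credential in samples.items():
        print(label, "->", evaluate(POLICY, credential))
    # With the rule order reversed, the unconditional rule always wins.
    print("reversed ->", evaluate(POLICY[::-1], samples["password completed"]))
```
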

This scenario uses the following settings in the policy editor:
